CN106961393A - Detection method and device for UDP messages in a network session - Google Patents


Info

Publication number
CN106961393A
Authority
CN
China
Legal status
Granted
Application number
CN201710127646.XA
Other languages
Chinese (zh)
Other versions
CN106961393B (en)
Inventor
柴马尚
Current Assignee
Beijing An Polytron Technologies Inc
Original Assignee
Beijing An Polytron Technologies Inc
Application filed by Beijing An Polytron Technologies Inc
Priority to CN201710127646.XA
Publication of CN106961393A
Application granted
Publication of CN106961393B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/32 Flow control; Congestion control by discarding or delaying data units, e.g. packets or frames

Abstract

The embodiments of the present invention relate to a method and device for detecting UDP messages in a network session. The method includes: monitoring whether a UDP message is transmitted in the network session; if a UDP message is transmitted in the network session, hashing the UDP message to obtain a UDP message hash value; obtaining a preset UDP message detection queue, which includes multiple preset hash values arranged in order of priority; determining whether the multiple preset hash values include a target hash value equal to the UDP message hash value; and, if such a target hash value exists, discarding the UDP message. This avoids the problem in the prior art that detection performed directly by feature detection is inefficient and may also occupy a large share of the user's resources.

Description

Detection method and device for UDP messages in a network session
Technical field
The embodiments of the present invention relate to the field of communication technology, and in particular to a method and device for detecting UDP messages in a network session.
Background
Transmission Control Protocol (TCP)/Internet Protocol (IP) is the foundation of the Internet, and the transport layer protocols commonly used in networks include TCP and UDP. Compared with TCP, UDP is more lightweight, so data transfer over UDP is often more efficient; however, because UDP has fewer error-checking bits, data transfer over UDP is less reliable than over TCP. Given the characteristics of each protocol, UDP is generally used by applications such as games, streaming media and Voice over Internet Protocol (VoIP), while most applications such as web pages, e-mail and remote login use TCP.
In recent years, the user base, application types and traffic of peer-to-peer (P2P) networks have grown explosively. Because P2P applications use multithreading to connect to many hosts or servers, they can push network bandwidth to its limit. Network traffic based on the various P2P protocols has surged and occupies most of the network bandwidth. In many cases, therefore, detecting P2P traffic is very necessary. However, because many P2P applications use UDP to traverse Network Address Translation (NAT) and establish host connections across networks, it is hard to manage P2P network sessions that have a large number of variable-port connections, and therefore hard to intercept UDP messages sent to the user that are of no use to the user.
Summary of the invention
To overcome the problems present in the related art, the embodiments of the present invention provide a method and device for detecting UDP messages in a network session.
According to a first aspect of the embodiments of the present invention, a method for detecting UDP messages in a network session is provided, including:
monitoring whether a UDP message is transmitted in the network session;
if a UDP message is transmitted in the network session, hashing the UDP message to obtain a UDP message hash value;
obtaining a preset UDP message detection queue, where the preset UDP message detection queue includes multiple preset hash values arranged in order of priority;
determining whether the multiple preset hash values include a target hash value equal to the UDP message hash value;
if the multiple preset hash values include a target hash value equal to the UDP message hash value, discarding the UDP message.
In one possible design provided by the embodiments of the present invention, the method further includes:
raising the priority of the target hash value in the UDP message detection queue.
In one possible design provided by the embodiments of the present invention, the method further includes:
if the preset hash values include no target hash value equal to the hash value, allowing the UDP message to be transmitted.
In one possible design provided by the embodiments of the present invention, the method further includes:
if the multiple preset hash values include no target hash value equal to the UDP message hash value, performing feature extraction on the UDP message to obtain a UDP message feature;
determining whether the UDP message feature matches a feature in a preset template library;
if the UDP message feature matches a feature in the preset template library, adding the hash value of the UDP message to the preset UDP message detection queue and discarding the UDP message.
In one possible design provided by the embodiments of the present invention, the method further includes:
if the UDP message feature does not match any feature in the preset template library, allowing the UDP message to be transmitted.
According to a second aspect of the embodiments of the present invention, a device for detecting UDP messages in a network session is provided, including:
a message monitoring unit, for monitoring whether a UDP message is transmitted in the network session;
a hash processing unit, for hashing the UDP message to obtain a UDP message hash value when a UDP message is transmitted in the network session;
an acquiring unit, for obtaining a preset UDP message detection queue, where the preset UDP message detection queue includes multiple preset hash values arranged in order of priority;
a hash value judging unit, for determining whether the multiple preset hash values include a target hash value equal to the UDP message hash value;
a first message unit, for discarding the UDP message when the multiple preset hash values include a target hash value equal to the UDP message hash value.
In one possible design provided by the embodiments of the present invention, the device further includes:
a priority processing unit, for raising the priority of the target hash value in the UDP message detection queue.
In one possible design provided by the embodiments of the present invention, the device further includes:
a second message processing unit, for allowing the UDP message to be transmitted when the preset hash values include no target hash value equal to the hash value.
In one possible design provided by the embodiments of the present invention, the device further includes:
a feature extraction unit, for performing feature extraction on the UDP message to obtain a UDP message feature when the multiple preset hash values include no target hash value equal to the UDP message hash value;
a matching judgment unit, for determining whether the UDP message feature matches a feature in a preset template library;
a hash value processing unit, for adding the hash value of the UDP message to the preset UDP message detection queue and discarding the UDP message when the UDP message feature matches a feature in the preset template library.
In one possible design provided by the embodiments of the present invention, the device further includes:
a third message processing unit, for allowing the UDP message to be transmitted when the UDP message feature does not match any feature in the preset template library.
The technical solutions provided by the embodiments of the present invention can include the following benefits:
The method for detecting UDP messages in a network session provided by the embodiments of the present invention monitors the UDP messages transmitted in the network session and compares the hash value of each UDP message with the hash values in the preset UDP message detection queue, in order to determine whether a UDP message the user does not need is being transmitted in the network session and to discard such UDP messages from the network session. This avoids the problem in the prior art that detection performed directly by feature detection is inefficient and may also occupy a large share of the user's resources.
It should be understood that the general description above and the detailed description below are only exemplary and explanatory, and do not limit the embodiments of the present invention.
Brief description of the drawings
The accompanying drawings are incorporated into and form part of this specification, show embodiments consistent with the present invention, and together with the specification serve to explain the principles of the embodiments of the present invention.
Fig. 1 is a flowchart of a method for detecting UDP messages in a network session according to an exemplary embodiment of the present invention;
Fig. 2 is a flowchart of a method for detecting UDP messages in a network session according to another exemplary embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a device for detecting UDP messages according to an exemplary embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a device for detecting UDP messages according to another exemplary embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a terminal according to an exemplary embodiment of the present invention.
Detailed description
Exemplary embodiments are described in detail here, and examples of them are shown in the accompanying drawings. Where the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the embodiments of the present invention. Rather, they are merely examples of devices and methods consistent with some aspects of the embodiments of the present invention, as detailed in the appended claims.
In current network sessions, more and more P2P software uses UDP to traverse NAT in order to establish host connections across networks. UDP is a connectionless protocol, and because a large number of variable-port connections are used, the UDP messages transmitted in a network session are hard to manage and UDP messages of no use to the user cannot be intercepted effectively. The prior art usually relies on feature detection: feature extraction and feature matching are applied to the UDP messages to be examined to determine whether a UDP message in the network session is one that needs to be transmitted, and UDP messages that do not need to be transmitted are discarded, thereby managing the UDP messages in the network session.
However, when the prior art manages UDP messages in a network session directly by feature detection, the connectionless protocol used by UDP messages and the complexity of the feature extraction and matching process make feature detection of UDP messages very time-consuming, which can cause the network session to age out immediately. Moreover, during feature detection of the UDP messages in a network session, the large volume of UDP messages eats up a large amount of the device's resources, so UDP messages in the network session are managed poorly.
In view of the above problems in the prior art, the embodiments of the present invention first provide a method for detecting UDP messages in a network session. As shown in Fig. 1, the method may include the following steps:
In step S110, it is monitored whether a UDP message is transmitted in the network session.
In the embodiment provided by the present invention, the UDP messages that need to be intercepted are obtained first. These are junk UDP messages the user does not need or UDP messages harmful to the user; that is, the UDP messages the user does not need are obtained.
The embodiment of the present invention hashes the five-tuple of each of these unneeded UDP messages in advance with a 32-bit hash to obtain a hash value. Identical UDP messages correspond to one hash value, and different UDP messages correspond to different hash values. In addition, the hash values of these unneeded UDP messages are included in the preset UDP message detection queue. The preset UDP message detection queue can be applied at the communication interface of the user terminal and is used to intercept UDP messages sent to the user in the network session.
When detecting UDP messages in a network session, the embodiment of the present invention first needs to determine whether a UDP message is transmitted in the network session; if there are UDP messages in the network session, these UDP messages need to be examined.
Therefore, if a UDP message is transmitted in the network session, in step S120 the UDP message is hashed to obtain a UDP message hash value.
In the embodiment of the present invention, the UDP messages in the network session can be hashed using prior-art techniques, for example by applying a 32-bit hash to the UDP message. Identical UDP messages yield one hash value after hashing, and different UDP messages correspond to different hash values.
In step s 130, default UDP packet check queues are obtained.
Wherein, the default UDP packet checks queue includes multiple default cryptographic Hash.In addition, the plurality of default cryptographic Hash is pressed It is arranged in order according to priority.By according to the height of default cryptographic Hash priority in the embodiment of the present invention, successively with BlueDrama UDP message cryptographic Hash be compared.
In the embodiment of the present invention, by the corresponding cryptographic Hash of UDP messages (i.e. UDP messages cryptographic Hash) in BlueDrama respectively Be compared with the default cryptographic Hash in default UDP packet checks queue, so as to judge in default UDP packet check queues whether Target cryptographic Hash is used as in the presence of the cryptographic Hash equal with UDP message cryptographic Hash, and using the cryptographic Hash.
In step S140, judge to whether there is the mesh equal with UDP message cryptographic Hash in default UDP packet check queues Mark cryptographic Hash.
If there is the target cryptographic Hash equal with UDP message cryptographic Hash in default UDP packet check queues, in step In S150, UDP messages are abandoned.
If there is the target cryptographic Hash equal with UDP message cryptographic Hash in default UDP packet check queues, illustrate network Corresponding UDP messages are the unwanted UDP messages of user, it is necessary to which the UDP messages are intercepted in session, and by the UDP messages Abandon, so avoid because largely and the UDP message unhelpful to user is sent to user.
Alternatively, in the another embodiment that the present invention is provided, as shown in figure 1, this method can also include step S160, Wherein,
In step S160, priority of the target cryptographic Hash in default UDP packet check queues is improved.
Because target cryptographic Hash is equal with the corresponding cryptographic Hash of UDP transmitted in current network session, in order to improve detection Hand over and heighten the priority of the target cryptographic Hash in efficiency, the embodiment of the present invention.Wherein, if the target cryptographic Hash is reported in UDP Priority in text detection queue has been highest, then preserve the target cryptographic Hash preferential in the UDP packet check queues Level keeps constant, otherwise, priority of the target cryptographic Hash in UDP packet check queues can be adjusted into highest state, So as to which preferentially the target cryptographic Hash is compared with UDP message cryptographic Hash during the UDP packet checks in subsequent network session It is right.
As shown in figure 1, in the another embodiment that the present invention is provided, if be not present in default UDP packet check queues The target cryptographic Hash equal with cryptographic Hash, in step S170, it is allowed to UDP message transmission.
The detection method of UDP messages in BlueDrama provided in an embodiment of the present invention, by being transmitted in monitoring network session UDP messages, the cryptographic Hash of the UDP messages is compared with the cryptographic Hash in default UDP packet checks queue, to judge net The unwanted UDP messages of user whether have been transmitted in network session, and the unwanted DUP messages of user have been lost from BlueDrama Abandon.It can so avoid among prior art directly by way of feature detection, causing detection efficiency relatively low and being also possible to account for The problem of with user compared with multiple resource.Breathed out in addition, the embodiment of the present invention has in default UDP detections queue is detected with UDP messages During the equal target cryptographic Hash of uncommon value, priority of the target cryptographic Hash in default UDP detections queue can be heightened, to carry High detection efficiency.
Building on Fig. 1, in another embodiment provided by the present invention, as shown in Fig. 2, if the preset UDP message detection queue contains no target hash value equal to the UDP message hash value, in step S180 feature extraction is performed on the UDP message to obtain a UDP message feature.
In step S190, it is determined whether the UDP message feature matches a feature in the preset template library.
If the UDP message feature matches a feature in the preset template library, in step S191 the hash value of the UDP message is added to the preset UDP message detection queue and the UDP message is discarded.
If the UDP message feature does not match any feature in the preset template library, in step S192 the UDP message is allowed to be transmitted.
The method for detecting UDP messages in a network session provided by the embodiments of the present invention monitors the UDP messages transmitted in the network session and compares the hash value of each UDP message with the hash values in the preset UDP message detection queue, in order to determine whether a UDP message the user does not need is being transmitted in the network session and to discard such UDP messages from the network session. This avoids the problem in the prior art that detection performed directly by feature detection is inefficient and may also occupy a large share of the user's resources.
In addition, when the embodiment of the present invention does not find a target hash value equal to the UDP message hash value in the preset UDP detection queue, it guards against the case where the preset UDP detection queue does not cover the hash value of a UDP message that is of no use to the user: it can also determine by feature detection whether the current UDP message is of no use to the user. If it is, the UDP message is discarded and its hash value is added to the preset UDP message detection queue, updating the queue for subsequent detection of UDP messages in the network session. By reasonably combining the two ways of detecting UDP messages, the embodiment of the present invention can improve the efficiency of detecting UDP messages in a network session more effectively.
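Added example (not part of the patent text and not the applicant's code): a Python implementation of the flow of Fig. 2 described above, with the hash queue lookup and promotion of steps S120 to S160 followed by the feature-matching fallback of steps S180 to S192. The use of CRC32 as the 32-bit hash, byte signatures in the payload as the "template library", appending newly learned hashes at the lowest priority, and all class names and sample packets are assumptions made for illustration.

```python
"""Two-stage UDP filter: preset hash queue first, feature matching as fallback."""
import socket
import struct
import zlib
from dataclasses import dataclass

UDP_PROTO = 17  # IANA protocol number for UDP


@dataclass(frozen=True)
class UdpPacket:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes


def five_tuple_hash(pkt):
    """32-bit hash of the five-tuple (S120).

    CRC32 is an assumption: the page only says a 32-bit hash is used.
    """
    key = struct.pack(
        "!4s4sHHB",
        socket.inet_aton(pkt.src_ip),
        socket.inet_aton(pkt.dst_ip),
        pkt.src_port,
        pkt.dst_port,
        UDP_PROTO,
    )
    return zlib.crc32(key) & 0xFFFFFFFF


class DetectionQueue:
    """Preset hash values in priority order; index 0 is the highest priority."""

    def __init__(self, preset=()):
        self.hashes = list(preset)

    def match_and_promote(self, h):
        """Compare in priority order (S130/S140); promote a hit to the top (S160)."""
        for i, candidate in enumerate(self.hashes):
            if candidate == h:
                if i != 0:  # already highest priority: leave unchanged
                    self.hashes.insert(0, self.hashes.pop(i))
                return True
        return False

    def add(self, h):
        """Learn a new hash (S191). Lowest priority on insertion is an assumption."""
        if h not in self.hashes:
            self.hashes.append(h)


class UdpDetector:
    def __init__(self, queue, templates, feature_len=64):
        self.queue = queue
        self.templates = list(templates)  # hypothetical template library
        self.feature_len = feature_len

    def extract_feature(self, pkt):
        # Assumption: the "feature" is the leading bytes of the payload.
        return pkt.payload[: self.feature_len]

    def inspect(self, pkt):
        """Return (verdict, stage) for one UDP message."""
        h = five_tuple_hash(pkt)
        if self.queue.match_and_promote(h):
            return ("drop", "hash")                      # S150
        feature = self.extract_feature(pkt)              # S180
        if any(sig in feature for sig in self.templates):  # S190
            self.queue.add(h)                            # S191
            return ("drop", "feature")
        return ("allow", "no-match")                     # S192


def run_demo():
    """Constructed sample traffic: one unwanted flow, one ordinary flow."""
    detector = UdpDetector(DetectionQueue(), [b"EXAMPLE-P2P-HELLO"])
    packets = [
        UdpPacket("192.0.2.10", 40000, "198.51.100.5", 6881, b"..EXAMPLE-P2P-HELLO.."),
        UdpPacket("192.0.2.10", 40000, "198.51.100.5", 6881, b"later data, same flow"),
        UdpPacket("192.0.2.10", 40001, "198.51.100.5", 6881, b"ordinary datagram"),
    ]
    return [detector.inspect(p) for p in packets]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

Because the key is the five-tuple, every later message on a learned flow is dropped at the hash stage without its content being examined, and a 32-bit hash can collide across unrelated flows. Logging hash-stage drops and expiring queue entries keeps a stale or colliding entry from silently blocking legitimate traffic.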
From the description of the method embodiments above, those skilled in the art can clearly understand that the embodiments of the present invention can be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware, although in many cases the former is the better implementation. On this understanding, the part of the technical solution of the embodiments of the present invention that is essential, or that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods described in the embodiments of the present invention. The storage medium includes read-only memory (ROM), random access memory (RAM), magnetic disks, optical discs and other media that can store program code.
In addition, as an implementation of the above embodiments, the embodiments of the present invention also provide a device for detecting UDP messages in a network session. The device is located in a terminal and, as shown in Fig. 3, includes:
a message monitoring unit 10, for monitoring whether a UDP message is transmitted in the network session;
a hash processing unit 20, for hashing the UDP message to obtain a UDP message hash value when a UDP message is transmitted in the network session;
an acquiring unit 30, for obtaining a preset UDP message detection queue, where the preset UDP message detection queue includes multiple preset hash values arranged in order of priority;
a hash value judging unit 40, for determining whether the multiple preset hash values include a target hash value equal to the UDP message hash value;
a first message processing unit 50, for discarding the UDP message when the multiple preset hash values include a target hash value equal to the UDP message hash value.
In another embodiment of the present invention, the device further includes:
a priority processing unit 60, for raising the priority of the target hash value in the UDP message detection queue.
In another embodiment of the present invention, the device further includes:
a second message processing unit 70, for allowing the UDP message to be transmitted when the preset hash values include no target hash value equal to the hash value.
In another embodiment of the present invention, building on Fig. 3 and as shown in Fig. 4, the device further includes:
a feature extraction unit 91, for performing feature extraction on the UDP message to obtain a UDP message feature when the multiple preset hash values include no target hash value equal to the UDP message hash value;
a matching judgment unit 92, for determining whether the UDP message feature matches a feature in the preset template library;
a hash value processing unit 93, for adding the hash value of the UDP message to the preset UDP message detection queue and discarding the UDP message when the UDP message feature matches a feature in the preset template library;
a third message processing unit 94, for allowing the UDP message to be transmitted when the UDP message feature does not match any feature in the preset template library.
For the device in the above embodiments, the specific way in which each module performs its operations has been described in detail in the embodiments of the method and is not elaborated here.
The embodiments of the present invention also provide a terminal. As shown in Fig. 5, the terminal 210 includes at least one processor 211, at least one bus 212, at least one communication interface 213 and at least one memory 214, where:
the memory 214 is used to store computer-executable instructions; the memory 214 can include read-only memory and random access memory, and provides instructions and data to the processor 211. Part of the memory 214 can also include non-volatile random access memory (NVRAM, Non-Volatile Random Access Memory);
the processor 211 is connected to the communication interface 213 and the memory 214 through the bus 212.
In an embodiment of the present invention, when the computer runs, the processor 211 executes the computer-executable instructions stored in the memory 214, and the processor 211 can thereby perform the method for detecting UDP messages in a network session of the embodiment shown in Fig. 1 or Fig. 2.
It can be understood that the embodiments of the present invention can be used in numerous general-purpose or special-purpose computing system environments or configurations, for example: personal computers, server computers, handheld or portable devices, tablet devices, multiprocessor systems, microprocessor-based systems, set-top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, and distributed computing environments that include any of the above systems or devices.
The embodiments of the present invention can be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures and the like that perform particular tasks or implement particular abstract data types. The embodiments of the present invention can also be practiced in distributed computing environments, in which tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules can be located in both local and remote computer storage media, including storage devices.
It should be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" and any other variants are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to that process, method, article or device. Without further limitation, an element qualified by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes the element.
Other embodiments of the present invention will readily occur to those skilled in the art after considering the specification and practicing the embodiments disclosed here. This application is intended to cover any variations, uses or adaptations of the embodiments of the present invention that follow their general principles and include common knowledge or customary technical means in the art not disclosed here. The specification and embodiments are to be regarded as exemplary only; the true scope and spirit of the embodiments of the present invention are indicated by the following claims.
It should be understood that the embodiments of the present invention are not limited to the precise structures described above and shown in the drawings, and that various modifications and changes can be made without departing from their scope. The scope of the embodiments of the present invention is limited only by the appended claims.

Claims (10)

1. A method for detecting UDP messages in a network session, characterized by including:
monitoring whether a UDP message is transmitted in the network session;
if a UDP message is transmitted in the network session, hashing the UDP message to obtain a UDP message hash value;
obtaining a preset UDP message detection queue, where the preset UDP message detection queue includes multiple preset hash values arranged in order of priority;
determining whether the multiple preset hash values include a target hash value equal to the UDP message hash value;
if the multiple preset hash values include a target hash value equal to the UDP message hash value, discarding the UDP message.
2. The method according to claim 1, characterized in that the method further includes:
raising the priority of the target hash value in the UDP message detection queue.
3. The method according to claim 1 or 2, characterized by further including:
if the preset hash values include no target hash value equal to the hash value, allowing the UDP message to be transmitted.
4. The method according to claim 1 or 2, characterized in that the method further includes:
if the multiple preset hash values include no target hash value equal to the UDP message hash value, performing feature extraction on the UDP message to obtain a UDP message feature;
determining whether the UDP message feature matches a feature in a preset template library;
if the UDP message feature matches a feature in the preset template library, adding the hash value of the UDP message to the preset UDP message detection queue and discarding the UDP message.
5. The method according to claim 4, characterized in that the method further includes:
if the UDP message feature does not match any feature in the preset template library, allowing the UDP message to be transmitted.
6. A device for detecting UDP messages in a network session, characterized by comprising:
a message monitoring unit, configured to monitor whether a UDP message is transmitted in the network session;
a hash processing unit, configured to hash the UDP message to obtain a UDP message hash value when a UDP message is transmitted in the network session;
an acquiring unit, configured to obtain a preset UDP message detection queue, the preset UDP message detection queue comprising a plurality of preset hash values, the plurality of preset hash values being arranged in order of priority;
a hash value judging unit, configured to judge whether a target hash value equal to the UDP message hash value exists among the plurality of preset hash values;
a first message processing unit, configured to discard the UDP message when a target hash value equal to the UDP message hash value exists among the plurality of preset hash values.
7. The device according to claim 6, characterized in that the device further comprises:
a priority processing unit, configured to raise the priority of the target hash value in the UDP message detection queue.
8. The device according to claim 6 or 7, characterized in that the device further comprises:
a second message processing unit, configured to allow the UDP message to be transmitted when no target hash value equal to the hash value exists among the preset hash values.
9. The device according to claim 6 or 7, characterized in that the device further comprises:
a feature extraction unit, configured to perform feature extraction on the UDP message to obtain UDP message features when no target hash value equal to the UDP message hash value exists among the plurality of preset hash values;
a matching judging unit, configured to judge whether the UDP message features match features in a preset template library;
a hash value processing unit, configured to add the hash value of the UDP message to the preset UDP message detection queue and discard the UDP message when the UDP message features match features in the preset template library.
10. The device according to claim 9, characterized in that the device further comprises:
a third message processing unit, configured to allow the UDP message to be transmitted when the UDP message features do not match the features in the preset template library.
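
The decision flow of method claims 1 to 5, as an added Python example that is not code from the patent. SHA-256 as the hash, byte-pattern search as the feature extraction, a one-step promotion as the priority increase, and the `max_len` cap with eviction of the lowest-priority entry are all assumptions; the claims specify none of them.

```python
import hashlib

DROP, ALLOW = "drop", "allow"

class UdpHashDetector:
    def __init__(self, preset_hashes, templates, max_len=1024):
        self.queue = list(preset_hashes)  # index 0 = highest priority
        self.templates = list(templates)  # assumed: known-bad byte patterns
        self.max_len = max_len            # assumed cap, not in the claims

    @staticmethod
    def digest(payload: bytes) -> str:
        # The claims name no hash function; SHA-256 is an assumption.
        return hashlib.sha256(payload).hexdigest()

    def matches_template(self, payload: bytes) -> bool:
        # Assumed feature extraction: substring search for each pattern.
        return any(t in payload for t in self.templates)

    def inspect(self, payload: bytes) -> str:
        h, q = self.digest(payload), self.queue
        for i, known in enumerate(q):       # claim 1: scan in priority order
            if known == h:
                if i > 0:                   # claim 2: promote the hit one step
                    q[i - 1], q[i] = q[i], q[i - 1]
                return DROP
        if self.matches_template(payload):  # claim 4: hash miss, try templates
            if len(q) >= self.max_len:
                q.pop()                     # evict the lowest-priority entry
            q.append(h)
            return DROP
        return ALLOW                        # claims 3 and 5


def demo():
    # Constructed payloads and pattern, for illustration only.
    bad_a, bad_b = b"FLOOD-A" * 4, b"FLOOD-B" * 4
    new_bad = b"hdr\x00PROBE\x00tail"
    det = UdpHashDetector(
        preset_hashes=[UdpHashDetector.digest(bad_a), UdpHashDetector.digest(bad_b)],
        templates=[b"\x00PROBE\x00"],
    )
    verdicts = [det.inspect(p) for p in (bad_b, b"dns query", new_bad, new_bad)]
    return verdicts, det.queue
```

Without a bound on the queue, every template hit adds an entry, so memory use and per-message scan cost both grow with the number of distinct matching payloads.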
CN201710127646.XA 2017-03-06 2017-03-06 Detection method and device for UDP (user Datagram protocol) message in network session Active CN106961393B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710127646.XA CN106961393B (en) 2017-03-06 2017-03-06 Detection method and device for UDP (user Datagram protocol) message in network session

Publications (2)

Publication Number Publication Date
CN106961393A CN106961393A (en) 2017-07-18
CN106961393B CN106961393B (en) 2020-11-27

Family

ID=59470146

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710127646.XA Active CN106961393B (en) 2017-03-06 2017-03-06 Detection method and device for UDP (user Datagram protocol) message in network session

Country Status (1)

Country Link
CN (1) CN106961393B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101399754A (en) * 2007-09-28 2009-04-01 华为技术有限公司 Method and device for passing through firewall by mobile IP
CN101442519A (en) * 2007-11-22 2009-05-27 北京启明星辰信息技术股份有限公司 Method and system for monitoring P2P software
CN101599976A (en) * 2009-07-10 2009-12-09 成都市华为赛门铁克科技有限公司 The method and apparatus of filtering user datagram protocol data packet
CN101635658A (en) * 2009-08-26 2010-01-27 中国科学院计算技术研究所 Method and system for detecting abnormality of network secret stealing behavior
CN101702121A (en) * 2009-10-29 2010-05-05 珠海金山软件股份有限公司 Device for controlling network flow of program in Windows system
CN102289614A (en) * 2010-06-18 2011-12-21 三星Sds株式会社 Anti-malware system and operating method thereof
EP2410453A1 (en) * 2010-06-21 2012-01-25 Samsung SDS Co. Ltd. Anti-malware device, server, and method of matching malware patterns
CN105592044A (en) * 2015-08-21 2016-05-18 杭州华三通信技术有限公司 Message attack detection method and device
CN105657025A (en) * 2016-01-26 2016-06-08 南京贝伦思网络科技股份有限公司 Homologous homoclinic algorithm for realizing passing UDP message through load balancing device based on UDP characteristic keyword matching and structure thereof

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113726830A (en) * 2020-05-25 2021-11-30 网联清算有限公司 Message identifier generation method and device
CN113726830B (en) * 2020-05-25 2023-09-12 网联清算有限公司 Message identifier generation method and device
CN112152937A (en) * 2020-09-29 2020-12-29 锐捷网络股份有限公司 Message duplicate removal method and device, electronic equipment and storage medium
CN112152937B (en) * 2020-09-29 2022-08-19 锐捷网络股份有限公司 Message duplicate removal method and device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN106961393B (en) 2020-11-27

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant